x86/efi: Add GHCB mappings when SEV-ES is active
authorTom Lendacky <thomas.lendacky@amd.com>
Mon, 7 Sep 2020 13:16:12 +0000 (15:16 +0200)
committerBorislav Petkov <bp@suse.de>
Thu, 10 Sep 2020 19:48:50 +0000 (21:48 +0200)
commit39336f4ffb2478ad384075cf4ba7ef2e5db2bbd7
treea3b7660370d24d993046a07b47364e1a73fa8b1f
parent4ca68e023b11e4d5908bf9ee326fab01111d77d5
x86/efi: Add GHCB mappings when SEV-ES is active

Calling down to EFI runtime services can result in the firmware
performing VMGEXIT calls. The firmware is likely to use the GHCB of the
OS (e.g., for setting EFI variables), so each GHCB in the system needs
to be identity-mapped in the EFI page tables, as unencrypted, to avoid
page faults.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
[ jroedel@suse.de: Moved GHCB mapping loop to sev-es.c ]
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Link: https://lkml.kernel.org/r/20200907131613.12703-72-joro@8bytes.org
arch/x86/boot/compressed/sev-es.c
arch/x86/include/asm/sev-es.h
arch/x86/kernel/sev-es.c
arch/x86/platform/efi/efi_64.c